Irene Anderson
CMGT/582 - CIS Security and Ethics
June 23, 2014
Krystal Hall
System Development Life Cycle
“Both risk governance and regulatory requirements emphasize the need for an effective risk management plan. And to effectively manage risk, it is important that definitions of the risk management plan objectives are clear from the start, so that the plan can head in the right direction. Risk management of information assets also provides a strong basis for information security activities, such as controlling risk to the confidentiality, integrity, and availability of information, aligning mitigation efforts with business objectives, and providing cost-effective solutions after analyzing security risks” (University of Phoenix - Skillsoft®, 2012).
A security development life cycle is a guide for ensuring that security is continually being improved rather than addressed once. Implementing a security life cycle requires that security policy and standards be put in place from the start, because they are the foundation of every component of a security plan. They are especially critical in the assessment and protection phases of the life cycle. In the assessment phase, the policy and standards are the baseline against which the assessment is conducted: each resource is evaluated against the security policy, and any deviation is recorded as a finding. In the protection phase, resources are configured to meet the policy and standards, so that a later assessment against the same baseline shows the deviations closed.
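The assess-then-protect loop described above can be made concrete by expressing the policy as data that drives both phases. The following Python block is an added illustration for this page, not code from the paper or from any of the cited sources; the policy rules, the resource settings and the sample server configuration are all constructed, hypothetical values rather than any real standard's baseline.

```python
"""Policy-as-code illustration of the assessment and protection phases.

The same policy definition is used twice: assess() evaluates a resource
against it and records findings, protect() configures the resource to meet
it. Re-running assess() on the protected resource verifies the remediation.
All rule names and values below are constructed for this example.
"""

# Constructed policy: setting -> (comparison operator, required value).
# "eq" means the setting must equal the value; "ge" means at least the value.
POLICY = {
    "ssh_permit_root_login": ("eq", "no"),
    "password_min_length": ("ge", 14),
    "tls_min_version": ("ge", 1.2),
    "audit_logging": ("eq", True),
}

# Constructed sample resource: root SSH login allowed, short passwords,
# acceptable TLS floor, and audit logging not configured at all.
SAMPLE_SERVER = {
    "ssh_permit_root_login": "yes",
    "password_min_length": 8,
    "tls_min_version": 1.2,
}


def _compliant(op, actual, required):
    """Return True when the observed value satisfies one policy rule.

    A missing setting (None) is never compliant: an unconfigured control
    is treated as a finding rather than silently passing.
    """
    if actual is None:
        return False
    if op == "eq":
        return actual == required
    if op == "ge":
        return actual >= required
    raise ValueError(f"unknown operator {op!r}")


def assess(resource):
    """Assessment phase: evaluate every policy rule against the resource.

    Returns a list of findings; an empty list means the resource complies.
    Each finding records what was observed and what the policy requires,
    which is the evidence an auditor wants before anything is changed.
    """
    findings = []
    for setting, (op, required) in POLICY.items():
        actual = resource.get(setting)
        if not _compliant(op, actual, required):
            findings.append(
                {"setting": setting, "actual": actual, "required": required}
            )
    return findings


def protect(resource, findings):
    """Protection phase: configure each non-compliant setting to policy.

    The input resource is left untouched and a hardened copy is returned,
    so the pre-remediation state survives as a record of what was found.
    """
    hardened = dict(resource)
    for finding in findings:
        hardened[finding["setting"]] = finding["required"]
    return hardened


if __name__ == "__main__":
    found = assess(SAMPLE_SERVER)
    for f in found:
        print(f"FINDING {f['setting']}: got {f['actual']!r}, need {f['required']!r}")
    hardened = protect(SAMPLE_SERVER, found)
    print("post-remediation findings:", assess(hardened))
```

Running the block reports three findings for the constructed server (root login, password length, and the absent audit logging; the TLS floor already meets policy), and the second assessment of the hardened copy returns no findings. Keeping the policy in one place is the point: the assessment and the protection phases cannot drift apart when they read the same rules.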
Security should be addressed at all stages of the systems development life cycle (SDLC). “The systems development life cycle (SDLC) is a methodology for the design and implementation of an information system. A methodology is a formal approach to solving a problem by means of a structured sequence of procedures. Using a methodology ensures a rigorous process with a clearly defined goal and increases the probability of success. Completion of methodology adoption triggers activities such as establishing key milestones and team selection, ensuring accountability for
References

National Security Telecommunications and Information Systems Security Committee. (2000). National Information Assurance Certification and Accreditation Process (NIACAP). Retrieved from https://www.fismacenter.com/nstissi_1000.pdf

Onpointcorp.com. (n.d.). Incorporating Security into the System Development Life Cycle (SDLC). Retrieved from http://www.onpointcorp.com/uploads/137/doc/Security_in_the_SDLC.pdf

SANS Institute. (2007). Certification and Accreditation (C&A) Vs System Development Life Cycle Management (SDLC). Retrieved from http://www.sans.org/reading-room/whitepapers/auditing/certification-accreditation-c-a-system-development-life-cycle-management-sdlc-1961

University of Phoenix - Skillsoft®. (2012). CISM 2012: Information Risk Management and Compliance (Part 1): Information Risk Management Overview. Retrieved from https://library.skillport.com/courseware/Content/cca/sp_cisn_a04_it_enus//output/t4/misc/transcript.html

Whitman, M. E. (2012). Principles of Information Security (4th ed.). Mason, OH: Cengage Learning.